Securify gains higher security rating

Securify officials say they can offer federal users one of the strongest solutions for gaining visibility and control of critical network functions because the company’s security monitoring system has achieved a higher Common Criteria evaluation.

The company’s SecurVantage 5.0 has moved from Evaluation Assurance Level 2 to EAL3 after undergoing six months of stringent testing by the independent CygnaCom Security Evaluation Laboratory, Securify officials said.

“This means that the review of [Securify’s] implementation of security features has [undergone] more thorough testing,” said Jose Caldera, the company’s security architect. SecurVantage is an automated security system that allows users to generate business-driven security policies, monitor network compliance, produce relevant network operational information. It also provides network and application trend reporting.

The Defense Information Systems Agency, DOD’s Special Operations Command, and the Department of Health and Human Services use SecurVantage to improve the security of their networks, Securify officials said.

The Common Criteria Evaluation and Validation Scheme is an international standard that proves that security products’ integrity and underlying technology have been tested and validated against known criteria. A third-party source performs the testing. The National Institute of Standards and Technology and the National Security Agency established the National Information Assurance Partnership (NIAP) to evaluate information technology products’ conformance to the Common Criteria standard.

The Government Accountability Office has criticized NIAP recently for not doing enough to educate agencies or vendors about Common Criteria. A GAO report issued earlier this month also chided NIAP for not providing metrics or evidence that the Common Criteria improves product security.

In addition, the report states that the Common Criteria process takes so long to complete that agencies often find that the products they need are not on the list of certified offerings or that only older versions have been accredited.

Securify officials noted that the process could be streamlined. Steve Woo, Securify’s vice president of marketing, said Common Criteria testing improves the security of products.

This is Securify’s second time going through the process, he said. Common Criteria testing has helped the company make significant changes in its software development, he added.